Description

You from a third party site to download a Wallpaper application, it does not require any permissions, so you figure it won't be the malicious applications.

But the University of California, Riverside researchers published a study PDF that does not require any permission the app can also steal your sensitive information.

This attack method is called the UI state inference attack, they targeted platform is Android, but think the otheroperating systemthere is a similar weakness.

The program opens a window needs to occupy a memory, a malicious program by monitoring the used memory and unused memory change, it can be inferred that you opened a which program of what window, such as a malicious program author to observe to open a PayPal login window take up how much memory is installed in your phone on the malicious program to monitor to the already occupied memory increased the same as the size of the space, it can infer that you are opening the PayPal login window, it can pop up a fake PayPal login window, lured you to enter the login information.

Through the statistical analysis process of the shared memory changes, the researchers were able to 9 2% The success rate of hijacking the Gmail application.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

Protected by

{"viewCount": 0, "id": "MYHACK58:62201452884", "edition": 1, "history": [], "reporter": "\u4f5a\u540d", "lastseen": "2016-10-30T11:08:19", "published": "2014-08-25T00:00:00", "bulletinFamily": "info", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.2", "type": "myhack58", "modified": "2014-08-25T00:00:00", "hash": "2bc4eb5045992d23c79f605e33e4fe52dcb1368691ce2670e14d87efa9ec585e", "title": "Researchers to 9 2% The success rate of hijacking the Gmail application-vulnerability warning-the black bar safety net", "cvelist": [], "references": [], "cvss": {"vector": "NONE", "score": 0.0}, "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "f4bba4b30c4ce4bc40d0420b3085f7f4", "key": "description"}, {"hash": "78b5edca32a3b53e919ef9d6be13d63b", "key": "href"}, {"hash": "6bb80e643364a89335e42bb23b992b54", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6bb80e643364a89335e42bb23b992b54", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "645396391020478112635e14b34a0f8b", "key": "reporter"}, {"hash": "d53ee4fde85d4e06614e38cee3fb0653", "key": "title"}, {"hash": "0665a8b0792e65b50ab13aef58a018dc", "key": "type"}], "description": "You from a third party site to download a Wallpaper application, it does not require any permissions, so you figure it won't be the malicious applications.\n\nBut the University of California, Riverside researchers published a study PDF that does not require any permission the app can also steal your sensitive information.\n\nThis attack method is called the UI state inference attack, they targeted platform is Android, but think the other[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>)there is a similar weakness.\n\nThe program opens a window needs to occupy a memory, a malicious program by monitoring the used memory and unused memory change, it can be inferred that you opened a which program of what window, such as a malicious program author to observe to open a PayPal login window take up how much memory is installed in your phone on the malicious program to monitor to the already occupied memory increased the same as the size of the space, it can infer that you are opening the PayPal login window, it can pop up a fake PayPal login window, lured you to enter the login information.\n\nThrough the statistical analysis process of the shared memory changes, the researchers were able to 9 2% The success rate of hijacking the Gmail application.\n", "href": "http://www.myhack58.com/Article/html/3/62/2014/52884.htm"}